
Samsung Galaxy S4 phones have big security hole, Israeli researchers say

Image: A man holds up Samsung Electronics Co.'s Galaxy S4 phone during its launch at the Radio City Music Hall in New York on March 14. (Adrees Latif / Reuters)

Israeli researchers say they’ve discovered a serious vulnerability in the enterprise software of Samsung’s best-selling Galaxy S4 smartphone that could enable hackers to intercept emails and other data.

The alleged flaw in the Galaxy S4’s high-level security software, known as Knox, was uncovered earlier this month by Mordechai Guri, a Ph.D. student at Ben-Gurion University. Guri is part of a wider research team at the university’s Cyber Security Labs.

“To us, Knox symbolizes state-of-the-art in terms of secure mobile architectures and I was surprised to find that such a big ‘hole’ exists and was left untouched,” Guri said Tuesday in a news release issued by the university.

“The Knox has been widely adopted by many organizations and government agencies and this weakness has to be addressed immediately before it falls into the wrong hands,” he said. “We are also contacting Samsung in order to provide them with the full technical details of the breach so it can be fixed immediately.”  

The researchers said hackers could theoretically take advantage of the flaw by installing an “innocent” app on the phone that could easily intercept data communications, including file transfers, emails and browser activity.

A Samsung spokesman told The Wall Street Journal, which first reported on the vulnerability, that Samsung is investigating the Israeli team’s claims. The reported breach was found on a device that didn’t have all the extra software that a corporate client would usually use in conjunction with Knox, the spokesman told the Journal.

The Knox security software is an added level of protection for select Android devices that Samsung markets to corporate and government clients. It allows users to switch between work and personal use by simply pressing an icon on the handset.

Knox was first released on Samsung's Galaxy Note 3. It doesn't come preloaded on the S4, though users can download the system, according to media reports.

The Israeli team's finding comes as the U.S. government is reportedly weighing whether to swap its fleet of BlackBerry smartphones for devices like Samsung’s Galaxy phones or Apple’s iPhones and iPads.

The Galaxy S4 has earned rave reviews from critics since its debut in March and Samsung has sold more than 40 million units.